
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO. 


FILING DATE 


FIRST NAMED INVENTOR 


ATTORNEY DOCKET NO. 


CONFIRMATION NO. 


10/612,703 


07/02/2003 


Thomas Gross 


AUS920030435US1 


4415 



35525 7590 05/10/2007 

IBM CORP (YA) 
C/O YEE & ASSOCIATES PC 
P.O. BOX 802333 
DALLAS, TX 75380 



EXAMINER 



HIGA, BRENDAN Y 



ART UNIT 



PAPER NUMBER 



2153 



MAIL DATE 



DELIVERY MODE 



05/10/2007 



PAPER 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 



Office Action Summary 


Application No. 

10/612,703 


Applicant(s) 

GROSS ET AL 


Examiner 
Brendan Y. Higa 


Art Unit 

2153 





-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

I )EJ Responsive to communication(s) filed on 02 July 2003 . 

2a)D This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) [>3 Claim(s) 1-25 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed. 

6) KI Claim(s) 7-25 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)[g) The drawing(s) filed on 02 July 2003 is/are: a)KI accepted or b)D objected to by the Examiner. 
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

II )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
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1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. _. 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

This communication is in response to the application filed on July 02, 2003. 
Claims 1-25 are pending. 

Priority 

No claim for priority has been made in this application. 

The effective filing date for the subject matter defined in the pending claims in this 
application is July 02, 2003. 

Drawings 

The Examiner contends that the drawings submitted on July 02, 2003 are acceptable for 
examination proceedings. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claims 1,11, and 20 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Claim 1 recites the following limitation: "the container" in line 16. There is insufficient 
antecedent basis for the limitation in the claim. However, for the purpose of this office 
action the examiner has interpreted the limitation in view of "the response". 
Appropriate correction is required. 
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Claims 1 1 and 20 are rejected under the same rationale as claim 1. 



Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 20-25 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

The claimed invention is directed to a computer program product, in a computer 
readable medium, however, in the specification, see page 24, the applicant provides 
evidence that he/she intends for the computer readable medium to include transmission 
type media, such as digital and analog communications links, wired or wireless 
communications links using transmission forms, such as, for example, radio frequency 
and light wave transmissions which are non-statutory subject matter under 35 U.S.C 
101. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
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applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1, 5, 8, 9, 11, 15, 18, 20, and 22 rejected under 35 U.S.C. 102(e) as being 
anticipated by Mercredi et al. (US 2004/0059590), hereafter referred to as Mercredi. 

As per claim 1, Mercredi teaches a method for dynamic access decision information 
retrieval, the method comprising: receiving a request for access decision information 
from an application (second application, "the second application 85, may conventionally 
prompt the user to provide data and credentials necessary for enrollment", see [0069] 
and Fig. 2, ref. 91, and 84-87), wherein the request identifies one or more entitlement 
information items {"credentials necessary for enrollment" see [0069]); determining an 
information provider for a given entitlement information item within the one or more 
entitlement information items ("first application", see abstract and for determination 
steps see [0050]-[0060]); retrieving the given entitlement information item from the 
information provider (see [0045]); forming a response, wherein the response includes 
the one or more entitlement information items ("authentication credential", see [0024]); 
and returning the response to the application (see [0009], "where a match is 
determined the enrollment credential of the first application is stored at the enrollment 
credential for the second application'). 

As per claim 5, Mercredi further teaches, wherein the step of retrieving the given 
entitlement information item includes: generating a retrieval client, wherein the retrieval 
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client retrieves the given entitlement information item from the information provider 
("retrieving an enrollment credential from the first application", see [0042]). 

As per claim 8, Mercredi further teaches the application being an access manager 
("local enrollment policy", see [0055], read as an access manager). 

As per claim 9, Mercredi further teaches the access manager includes a rules engine 
("local enrollment policy", see [0055], read as an access manager including a rules 
engine). 

Claims 11, 15, 18, 20, and 22 are rejected under the same rationale as claims 1, 5, 8, 
and 9 since they recite substantially identical subject matter. Any differences between 
the claims do not result in patentably distinct claims and all of the limitations are taught 
by the above cited art. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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This application currently names joint inventors. In considering patentability of the 
claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the 
various claims was commonly owned at the time any inventions covered therein were 
made absent any evidence to the contrary. Applicant is advised of the obligation under 
37 CFR 1 .56 to point out the inventor and invention dates of each claim that was not 
commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

Claims 2, 3, 12, 13, and 21 are rejected under 35 U.S.C. 103(a) as being obvious 
over Mercredi (US 2004/0059590), in further view of Lambert (US 2004/0044779). 

As per claim 2, Mercredi teaches storing the retrieved given entitlement information item 
in a local storage (see [0009], "where a match is determined the enrollment credential of 
the first application is stored at the enrollment credential for the second application'), 
Mercredi does not expressly teach caching the retrieved information entitlement 
information in a local storage. 

However, in the same art of network security and authentication, Lambert teaches a 
system for locating and retrieving user rights data (read as entitlement information) from 
a remote location (see DRM server Fig. 4, ref. 550 or remote DRM bureau Fig. 15, ref. 
1504 and [01 17-[01 80]) and caching the retrieved user rights in a local cache storage 
(see [0116]). 
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One of skill in the art would have been motivated to combine the teachings of Mercredi 
with the teachings of Lambert for implementing a cache at the second application in 
order to provide the application with quick access to user enrollment credentials. 

As per claim 3, the combination of Mercredi and Lambert teaches the invention 
substantially as claimed as noted above. Furthermore, Lambert teaches identifying a 
cached entitlement information item within the one or more entitlement information item; 
and retrieving the cached entitlement information item from a local storage ("checks its 
local client-side rights cache(s) for prior authorization", see [01 16]). 
The same motivation that was utilized for combining Mercredi and Lambert in claim 2 
applies equally well to claim 3. 

Claims 12, 13, and 21 are rejected under the same rationale as claims 2 and 3 since 
they recite substantially identical subject matter. Any differences between the claims do 
not result in patentably distinct claims and all of the limitations are taught by the above 
cited art. 

Claims 6, 7, 16, 17, 23, and 24 are rejected under 35 U.S.C. 103(a) as being 
obvious over Mercredi (US 2004/0059590) in view of Kausik et al. (US 6263446), 
hereafter referred to as Kausik. 



As per claims 6, Mercredi does not expressly teach wherein the retrieval client 
generates a protocol module and wherein the protocol module retrieves the given 
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entitlement information item from the information provider using a provider specific 
protocol. 

However, in the same art security credential managmenent, Kausik teaches a system 
for downloading credentials from a remote server, using a challenge-response protocol 
(read as a provider specific protocol, see col. 2, lines 10-24). 

One of skill in the art would have been motivated to combine the teachings of Mercredi 
and Kausik in order to enhance security associated with the transmission of credential 
information across the network presented by Mercredi. 

As per claim 7, Kausik further teaches, wherein the retrieved given entitlement 
information item is in the form of a container ("wallet", see col. 4, lines 1-12). 
The same motivation that was utilized for combining Mercredi and Kausik in claim 6 
applies equally well to claim 7. 

Claims 16, 17, 23, and 24 are rejected under the same rationale as claims 6 and 7 since 
they recite substantially identical subject matter. Any differences between the claims do 
not result in patentably distinct claims and all of the limitations are taught by the above 
cited art. 

Claims 4 and 14 are rejected under 35 U.S.C. 103(a) as being obvious over 
Mercredi (US 2004/0059590), in view of Lambert (US 2004/0044779), in further view 
of Kausik (US 6263446). 
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As per claims 4 and 14, Mercredi in view of Lambert teaches the invention substantially 
as claimed as noted above. 

Mercredi in view of Lambert does not expressly teach wherein the retrieved given 
entitlement information item is in the form of a container. 

However, in the same art as noted above, Kausik teaches a system for downloading 
credentials from a remote server wherein the retrieved credential information item is in 
the form of a container ("wallet", see col. 4, lines 1-12). 

The same motivation that was utilized for combining Mercredi and Kausik in claim 6 
applies equally well to claim 4. 

Claims 10, 19, and 25 are rejected under 35 U.S.C. 103(a) as being obvious over 
Mercredi (US 2004/0059590) in further view of Mont et al. (US 2002/0116646), 
hereafter referred to as Mont. 

As per claims 10, 19, and 25, Mercredi does not expressly teach the response being an 
extensible markup language document. 

However, in the same art of security credential managmenent, Mont teaches a system 
for exchanging digital credentials between a first node and a second node wherein an 
extensible markup language document is utilized for the transfer of the digital credential 
information (see [0074]-[0077]). 

One of skill in the art would have been motivated to combine the teachings of Mercredi 
with the teachings of Mont in order to take advantage of the flexible document structure 
and syntax inherent to the XML language. 
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Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Barriaga et al. (US 2005/0154913), teaches a system for linking Authentication 
Providers to provide a user with a single sign on service. 

Lin et al. (US 6052785), teaches caching users credentials at a middle tier server for 
future use for accessing back-end servers. 

Blacket, III et al. (US 6067623), teaches a middle tier server fro transforming client 
access authorization into enterprise resource credentials. 
Dias et al. (US 6170017), teaches a system for generating client authentication 
information for accessing a server group. 

Brown et al. (US 5941947) teaches a system for controlling access to a plurality of 
application servers, wherein the application server include a cache for caching user 
credential information provided to them by multiple authentication server. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brendan Y. Higa whose telephone number is (571)272- 
5823. The examiner can normally be reached on M-F 8:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Glenton Burgess can be reached on (571)272-3949. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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